Governance

Spend caps, model allowlists, region pinning, PII redaction, and per-key controls.

Conduix gives you many small levers to keep teams in their lane: cap spend, restrict models, pin regions, redact PII, throttle keys. Every lever is enforced before the upstream provider call — not after the bill arrives.

Spend caps

Per-organization daily and monthly hard ceilings. When the cap is exceeded, requests fail with HTTP 402 spend_cap_exceeded and the provider call never runs. Configure at /dashboard/settings.

Daily cap: UTC day boundary; resets at midnight UTC.
Monthly cap: UTC month boundary; resets on the 1st (UTC).
Alert threshold: default 80%; warns before blocking.

Model allowlists

Per-key restriction on which models that key can call. If the request asks for a model not on the list, it is rejected with model_not_allowed (HTTP 403) and never reaches upstream.

API key with allowlist
{
  "name": "Internal tools",
  "allowed_models": [
    "gpt-4o-mini",
    "claude-haiku-4-5-20251001",
    "byo:*"
  ],
  "rate_limit": 60
}

Use byo:* as a wildcard to allow any BYO endpoint without naming each one.
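The spend-cap and allowlist checks above, written out as one pre-flight gate. This is an added example, not Conduix's own code: the ledger and cap dict shapes, the function names, and the rule that the only wildcard form is a trailing `*` (as in `byo:*`) are assumptions; the status/code pairs are the ones the page documents.

```python
"""Pre-flight governance gate: spend cap, then model allowlist.

Added example, not Conduix's own code. Assumptions (not from the page):
the ledger and cap dict shapes, the function names, and that the only
wildcard form in allowed_models is a trailing '*' (as in "byo:*").
"""
from datetime import datetime, timezone

# Status/code pairs as the page documents them.
SPEND_CAP_EXCEEDED = (402, "spend_cap_exceeded")
MODEL_NOT_ALLOWED = (403, "model_not_allowed")


def window_keys(now: datetime) -> tuple[str, str]:
    """Ledger keys for the UTC day and UTC month containing `now`.

    Caps reset on UTC boundaries, so the timestamp is converted first: a
    request at 20:00 US Eastern on the 31st already counts toward the
    next month.
    """
    utc = now.astimezone(timezone.utc)
    return utc.strftime("day:%Y-%m-%d"), utc.strftime("month:%Y-%m")


def check_spend(ledger, caps, now, alert_pct=0.8):
    """Return (error, alerts); error is None when the request may proceed.

    `ledger` maps window keys to spend so far; `caps` holds the 'daily'
    and 'monthly' ceilings. Spend at or past a ceiling blocks before the
    upstream call; spend at or past alert_pct of it only warns.
    """
    day_key, month_key = window_keys(now)
    alerts = []
    for scope, key in (("daily", day_key), ("monthly", month_key)):
        cap = caps.get(scope)
        if cap is None:
            continue
        spent = ledger.get(key, 0.0)
        if spent >= cap:
            return SPEND_CAP_EXCEEDED, alerts
        if spent >= alert_pct * cap:
            alerts.append(f"{scope} spend at {spent / cap:.0%} of cap")
    return None, alerts


def model_allowed(model, allowed_models):
    """Exact, case-sensitive match or a trailing-'*' prefix pattern.

    'byo:*' matches 'byo:finance-llm' but not 'byo' or 'xbyo:foo'. A bare
    '*' would allow every model, so it is rejected as a misconfiguration.
    """
    for pattern in allowed_models:
        if pattern == "*":
            raise ValueError("bare '*' allowlist entry is not permitted")
        if pattern.endswith("*"):
            prefix = pattern[:-1]
            if model.startswith(prefix) and len(model) > len(prefix):
                return True
        elif pattern == model:
            return True
    return False


def admit(request, key_cfg, org_caps, ledger, now):
    """Run the levers in order; the first failure is returned and nothing reaches upstream."""
    err, alerts = check_spend(ledger, org_caps, now)
    if err is not None:
        return err, alerts
    if not model_allowed(request["model"], key_cfg["allowed_models"]):
        return MODEL_NOT_ALLOWED, alerts
    return None, alerts


# Constructed sample data, not real usage figures.
KEY = {"name": "Internal tools",
       "allowed_models": ["gpt-4o-mini", "claude-haiku-4-5-20251001", "byo:*"],
       "rate_limit": 60}
CAPS = {"daily": 100.0, "monthly": 2000.0}
NOW = datetime(2025, 3, 31, 23, 30, tzinfo=timezone.utc)
LEDGER = {"day:2025-03-31": 85.0, "month:2025-03": 1500.0}

if __name__ == "__main__":
    print(admit({"model": "byo:finance-llm"}, KEY, CAPS, LEDGER, NOW))
    print(admit({"model": "gpt-4o"}, KEY, CAPS, LEDGER, NOW))
```

The cheap checks run in the order shown so a capped org never gets as far as model matching, and the alert list is returned alongside the decision so the 80% warning can be logged on the same request that was admitted.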

Per-key rate limits

Requests per minute, enforced via Redis sliding window. Per-key (not per-org) so different teams can't starve each other. Configure when minting a key. Throttled requests get rate_limit_exceeded (HTTP 429) with a Retry-After header.
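The sliding window described above, as an added example rather than Conduix's code. The in-memory store stands in for the Redis sorted-set pattern (expire old members, count, add the new one); the class and function names, the injected clock and the 60 s window (limits are per minute) are assumptions.

```python
"""Per-key sliding-window rate limit with Retry-After.

Added example, not Conduix's code. The in-memory store mirrors the Redis
sorted-set pattern (ZREMRANGEBYSCORE / ZCARD / ZADD on a per-key set of
timestamps); the names, the injected clock and the 60 s window are
assumptions.
"""
import math
from collections import defaultdict

WINDOW_SECONDS = 60.0


class SlidingWindowLimiter:
    """One sorted set of request timestamps per API key.

    A request is admitted when fewer than `limit` timestamps fall in the
    last 60 s. Sets are per key, so a noisy key never consumes another
    key's budget, and unlike a fixed per-minute counter there is no
    boundary at which a key can burst to twice its limit.
    """

    def __init__(self, clock):
        self._clock = clock             # callable returning seconds; injected for tests
        self._sets = defaultdict(list)  # api_key -> ascending timestamps

    def check(self, api_key, limit):
        """Return (allowed, retry_after_seconds)."""
        now = self._clock()
        # ZREMRANGEBYSCORE key -inf (now - 60): expire old entries first.
        ts = [t for t in self._sets[api_key] if t > now - WINDOW_SECONDS]
        self._sets[api_key] = ts
        if len(ts) >= limit:            # ZCARD key
            # The oldest in-window entry is the next one to expire.
            retry_after = math.ceil(ts[0] + WINDOW_SECONDS - now)
            return False, max(retry_after, 1)
        ts.append(now)                  # ZADD key <now> <now>
        return True, 0


def handle(limiter, api_key, limit):
    """Gateway response for one request: pass-through or 429 with Retry-After."""
    allowed, retry_after = limiter.check(api_key, limit)
    if allowed:
        return {"status": 200}
    return {"status": 429, "error": "rate_limit_exceeded",
            "headers": {"Retry-After": str(retry_after)}}


class FakeClock:
    """Deterministic clock for the example; use time.monotonic in real code."""
    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t


if __name__ == "__main__":
    clock, limiter = FakeClock(), SlidingWindowLimiter(clock)
    for t in (0.0, 1.0, 2.0, 3.0):
        clock.t = t
        print(t, handle(limiter, "key-a", 3))
    print("other key", handle(limiter, "key-b", 3))
```

Against a real Redis the three commands must run atomically (MULTI/EXEC or a Lua script), otherwise two gateway nodes checking the same key concurrently can both admit the last slot.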

Region pinning (data residency)

Conduix maps each provider to its primary inference region: US, EU, or APAC. Set a key's data-residency to one of these and Conduix will only route to providers in that region — including for fallbacks.

us: OpenAI, Anthropic, Google, Groq, Together, Fireworks
eu: Mistral
apac: DeepSeek

If no provider in the chosen region serves the requested model (or all are unhealthy), the request fails closed with provider_not_permitted. It does not silently fall over to a different region.
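The fail-closed routing rule, as an added example that is not Conduix's code. The provider-to-region map is the one listed above; which providers serve which model, the health flags, the preference order, the placeholder model names and the function name are constructed assumptions.

```python
"""Region-pinned routing that fails closed.

Added example, not Conduix's code. PROVIDER_REGION is the mapping the
page lists; model coverage, health flags, preference order and the
function name are constructed assumptions.
"""
PROVIDER_REGION = {
    "openai": "us", "anthropic": "us", "google": "us",
    "groq": "us", "together": "us", "fireworks": "us",
    "mistral": "eu",
    "deepseek": "apac",
}
REGIONS = frozenset(PROVIDER_REGION.values())


def route(model, residency, serves, healthy, preference):
    """Ordered providers allowed to serve `model` under `residency`.

    Returns (error, candidates). error is "provider_not_permitted" when
    no in-region provider can take the request; candidates is then empty
    and the caller must not retry in another region.
    """
    if residency not in REGIONS:
        raise ValueError(f"unknown residency {residency!r}")
    candidates = [
        p for p in preference
        if PROVIDER_REGION.get(p) == residency   # the pin applies to fallbacks too
        and model in serves.get(p, ())
        and healthy.get(p, False)                # unknown health counts as unhealthy
    ]
    if not candidates:
        return "provider_not_permitted", []
    return None, candidates


# Constructed coverage table (placeholder model names, not real catalogues).
SERVES = {
    "together": {"open-weights-70b"},
    "fireworks": {"open-weights-70b"},
    "mistral": {"open-weights-70b"},
    "deepseek": {"deepseek-chat"},
}
PREFERENCE = ["openai", "anthropic", "together", "fireworks",
              "mistral", "deepseek", "google", "groq"]
ALL_HEALTHY = {p: True for p in PROVIDER_REGION}

if __name__ == "__main__":
    print(route("open-weights-70b", "eu", SERVES, ALL_HEALTHY, PREFERENCE))
    print(route("open-weights-70b", "us", SERVES, ALL_HEALTHY, PREFERENCE))
    down = dict(ALL_HEALTHY, mistral=False)
    print(route("open-weights-70b", "eu", SERVES, down, PREFERENCE))  # fails closed
```

The third call is the case worth checking in any routing layer: the model is available in two healthy US providers, but an EU-pinned key still gets provider_not_permitted rather than a cross-region fallback.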

PII redaction

Strip emails, SSNs, phone numbers, and Luhn-validated credit card numbers from request bodies before they leave Conduix. Three levels of control, the most specific one winning:

  • Org-level default: on/off at /dashboard/settings.
  • Per-key override: each key can opt in or out, overriding the org default.
  • Per-request override: set the header x-conduix-pii-redact: true|false if you need to flip it for a specific request.

When redaction fires, Conduix sends x-conduix-pii-redacted: <count> in the response so you can verify it ran.
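The redaction pass and the org/key/header precedence, as an added example that is not Conduix's code. The four PII classes are the ones listed above; the regexes, the [TOKEN] placeholders, the function names, and the choice to send the count header whenever redaction ran (even when the count is 0) are assumptions.

```python
"""PII redaction with Luhn validation and three-level precedence.

Added example, not Conduix's code. The four PII classes are the ones the
page lists; the regexes, the [TOKEN] placeholders, the function names and
the header-over-key-over-org resolution are assumptions.
"""
import re

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
PHONE = re.compile(r"(?<!\d)(?:\+1[ -]?)?\(?\d{3}\)?[ -]?\d{3}[ -]?\d{4}(?!\d)")
# 13-19 digits, optionally separated by spaces or hyphens; Luhn decides.
CARD = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def redact(body):
    """Return (redacted_body, count); count is what x-conduix-pii-redacted reports."""
    count = 0

    def scrub(pattern, token, text, validate=None):
        nonlocal count

        def repl(match):
            nonlocal count
            if validate is not None and not validate(match.group(0)):
                return match.group(0)   # e.g. 16 digits that fail Luhn stay as-is
            count += 1
            return token

        return pattern.sub(repl, text)

    # Order matters: SSNs and cards go first so the looser phone regex
    # cannot consume fragments of them.
    body = scrub(EMAIL, "[EMAIL]", body)
    body = scrub(SSN, "[SSN]", body)
    body = scrub(CARD, "[CARD]", body, lambda s: luhn_ok(re.sub(r"\D", "", s)))
    body = scrub(PHONE, "[PHONE]", body)
    return body, count


def redaction_enabled(org_default, key_override=None, request_header=None):
    """Most specific setting wins: x-conduix-pii-redact header, then key, then org."""
    if request_header is not None:
        value = request_header.strip().lower()
        if value not in ("true", "false"):
            raise ValueError("x-conduix-pii-redact must be true or false")
        return value == "true"
    if key_override is not None:
        return key_override
    return org_default


def process(body, org_default, key_override=None, request_headers=None):
    """Apply the resolved setting; returns (outgoing_body, response_headers)."""
    header = (request_headers or {}).get("x-conduix-pii-redact")
    if not redaction_enabled(org_default, key_override, header):
        return body, {}
    redacted, count = redact(body)
    # Assumption: the count header is sent whenever redaction ran, even if 0.
    return redacted, {"x-conduix-pii-redacted": str(count)}


# Constructed sample prompt; 4111 1111 1111 1111 is the usual Visa test number.
SAMPLE = ("Email jane.doe@example.com or call (415) 555-0123. SSN 123-45-6789. "
          "Card 4111 1111 1111 1111 (valid) vs 4111 1111 1111 1112 (fails Luhn).")

if __name__ == "__main__":
    print(process(SAMPLE, org_default=True))
```

The second card number is the case to test against any redactor: it looks like a card but fails Luhn, so it is left untouched and does not inflate the count. Regex-based detection of this kind still misses card numbers split across lines or written with unusual separators, so treat the count header as a check that the pass ran, not as proof the body is clean.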

Provider-level governance (operator side)

Operators (iVirtualsoft) can also enforce platform-wide constraints — these aren't customer-configurable but customers can rely on them being in place:

  • Provider budgets at the platform level — alerts fire to Slack/Teams at 70/80/90/100% of monthly spend.
  • Hard cap on provider — when set, traffic auto-fails over to fallbacks if a provider is over budget.
  • Circuit breakers per provider — three consecutive upstream failures trip the breaker for 30 seconds, traffic routes around.
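The per-provider breaker from the last bullet, as an added example that is not Conduix's code. The threshold (three consecutive failures) and the 30 s open period are the figures stated above; the half-open single-probe behaviour, the class and function names, and the injected clock are assumptions.

```python
"""Per-provider circuit breaker: three consecutive failures open it for 30 s.

Added example, not Conduix's code. Threshold and open time are the ones
the page states; the half-open single-probe behaviour, the names and the
injected clock are assumptions.
"""
import time

FAILURE_THRESHOLD = 3
OPEN_SECONDS = 30.0


class CircuitBreaker:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = 0        # consecutive failures; any success resets
        self._opened_at = None    # None while closed
        self._probing = False     # True while a half-open probe is in flight

    def allow(self):
        """May a request be sent to this provider right now?"""
        if self._opened_at is None:
            return True
        if self._clock() - self._opened_at < OPEN_SECONDS:
            return False                      # open: route around
        if self._probing:
            return False                      # half-open: one probe at a time
        self._probing = True
        return True

    def record_success(self):
        self._failures = 0
        self._opened_at = None
        self._probing = False

    def record_failure(self):
        self._failures += 1
        self._probing = False
        if self._failures >= FAILURE_THRESHOLD:
            self._opened_at = self._clock()   # (re)trip; a failed probe re-opens for 30 s


def route_around(candidates, breakers):
    """First provider in preference order whose breaker admits traffic, or None."""
    for provider in candidates:
        if breakers[provider].allow():
            return provider
    return None


class FakeClock:
    """Deterministic clock for the example; real code keeps time.monotonic."""
    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t


if __name__ == "__main__":
    clock = FakeClock()
    breakers = {"primary": CircuitBreaker(clock), "fallback": CircuitBreaker(clock)}
    for _ in range(3):
        breakers["primary"].record_failure()
    print("at t=0:", route_around(["primary", "fallback"], breakers))   # fallback
    clock.t = 30.0
    print("at t=30:", route_around(["primary", "fallback"], breakers))  # primary probe
```

Letting exactly one probe through after 30 s is the part that is easy to get wrong: if every caller is admitted the moment the timer expires, a still-broken provider absorbs a burst of traffic before the breaker re-trips.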

Audit trail

Every governance change (cap update, allowlist change, residency change, PII toggle) lands in /dashboard/audit with the user who made the change, the IP, and the request id. Append-only, exportable, compliance-ready.